Key Summary:
Lazarus Group hackers used fake NFT games to steal crypto wallet credentials.
The malware in DeTankZone exploits a Chrome vulnerability for remote access.
Social engineering helps the Lazarus Group target large audiences.
Yerevan (CoinChapter.com) – North Korean hackers known as the Lazarus Group used a fake NFT game to exploit a Chrome vulnerability and steal crypto wallet credentials. Security analysts at Kaspersky Lab reported that the attack exploited a zero-day vulnerability in Google Chrome to gain unauthorized access to user devices. The attackers built the blockchain game clone DeTankZone and advertised it as a play-to-earn (P2E) multiplayer online battle arena (MOBA) game to lure unsuspecting players.
Lazarus Group’s malware was embedded in the source code of the DeTankZone NFT game. Source: securelist.com
Lazarus Group embedded malware directly into gaming websites (detankzone.com).
This allowed them to infect any device that interacted with the site. According to Kaspersky, the malicious script bypassed Chrome's security protections by exploiting a vulnerability in Chrome's V8 JavaScript engine, enabling remote code execution. In this way, the hackers deployed the Manuscrypt malware and took control of user devices. This access allowed them to obtain sensitive crypto wallet credentials without requiring a download or any other interaction beyond visiting the page.
Kaspersky discovers Chrome vulnerability, Google releases patch
After discovering the vulnerability, Kaspersky Lab immediately notified Google. Soon after, Google released a security update to address the vulnerability, even though the attackers had already accessed several devices. The incident raised concerns about the wider impact of such attacks on cryptocurrency users and businesses around the world.
Boris Larin and Vasily Berdnikov, security analysts at Kaspersky, noted that the Lazarus Group used advanced social engineering techniques to create an illusion of authenticity for the game. They set up a professional website and credible-looking LinkedIn accounts to establish legitimacy. In addition, the attackers distributed AI-generated marketing materials on social platforms such as X and LinkedIn and invited well-known cryptocurrency influencers to promote the fake NFT game. This comprehensive approach attracted a wide audience and increased the effectiveness of the attack.
Lazarus Group has a long history of cryptocurrency theft
The fake NFT game was not just a cover; it was a fully operational game. It included detailed game elements such as logos, 3D graphics, and user interfaces. However, anyone who visited the site was at serious risk. The Lazarus Group embedded the Manuscrypt malware in the game website. This malware harvested sensitive crypto wallet credentials, allowing the group to conduct large-scale cryptocurrency theft.
The Lazarus Group has long targeted the cryptocurrency industry. Notably, between 2020 and 2023, investigator ZachXBT linked them to more than 25 hacks with a total loss of more than $200 million. This history highlights the group's continued focus on cryptocurrency theft, and shows that they often rely on a combination of software vulnerabilities and social engineering to succeed.
Lazarus Group’s $200 million cryptocurrency laundering operation. Source: ZachXBT
Major Cryptocurrency Theft Linked to Lazarus Group
Over the years, the Lazarus Group has conducted many major cryptocurrency theft operations. For example, in 2022, they reportedly stole more than $600 million in Ether (ETH) and USD Coin (USDC) through the Ronin Bridge hack. In addition, the U.S. Treasury Department has linked them to multiple cyberattacks against financial institutions and global cryptocurrency platforms.
In September 2023, data from 21.co (the parent company of 21Shares) showed that the organization still held more than $47 million in various cryptocurrencies. These included assets such as Bitcoin (BTC), Binance Coin (BNB), Avalanche (AVAX), and Polygon (MATIC).
Furthermore, the report estimates that the Lazarus Group amassed more than $3 billion in digital assets between 2017 and 2023. Their impact on the cryptocurrency industry is enormous, highlighting their continued focus on the cryptocurrency market.
Social engineering is key to Lazarus Group’s cyber strategy
It is worth noting that the success of this attack relied heavily on social engineering. Through carefully crafted promotional materials, AI-generated graphics, and credible-looking LinkedIn profiles, the Lazarus Group successfully disguised their fake NFT games as legitimate games, attracting cryptocurrency enthusiasts. This sophisticated approach circumvents common cybersecurity defenses and expands the range of potential victims.